Fix participants detection for system notes
What does this MR do and why?
Contributes to #409006 (closed)
Problem
Previously we implemented an optimization to improve the performance of participants detection.
Merge request: !98116 (merged)
Instead of checking permissions for each element on the page, we started checking permissons for issuable object (issue, merge request, epic).
However, this approach doesn't work well for system notes. System note requires a permission check on Note object itself. Checking it on issuable will skip the verification for system note content.
Solution
Fallback to verifying permissions for system notes on Note objects.
How to set up and validate locally
- See steps to reproduce #409006 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.